Are you sure that he's receiving the list emails directly? Is it
possible that he has a confederate or sympathizer on the list who is
forwarding him the original list emails that he is then forging
replies to?
I would double-check to make sure that even list members cannot see
the addresses of other list members, because he may have gotten the
email addresses that way.
Your original idea of a 'red herring' message with a per-address
uniquie identifier is theoretically sound, but it would have to be a
message such that it would entice your abusive user to respond to it
in order to find your 'leak'.
The other responses have the best approach I think. If you don't have
Terms of Service already that people had to agree to, then you need to
retroactively come up with some, inform your users and require that
they respond in the affirmative to the new rules or they're removed
from the list. Then if the abuse continues, you definitely need to
bite the bullet and move this towards legal action. I think this is
especially true depending on what activities of the person lead you to
categorize it as cyberstalking.